GDPR

1. General and scope

 

»Kleinert-WEB.net« takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

 

If you use this website, use the functions offered or conclude a hosting contract with us, various personal data will be collected. Personal data is data with which you can be personally identified. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

 

As the controller responsible for processing, »Kleinert-WEB.net« has implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.

 

2. Explanation of terms

 

It is our goal that this data protection declaration is easy to read and understand for the public as well as for customers and business partners and that it offers maximum transparency. We would therefore like to explain some of the terms used in advance.

 

Personal Data

 

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

 

Affected person

 

Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

 

processing

 

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

 

restriction of processing

 

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

 

Profiling

 

Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict that natural person’s preferences, interests, reliability, behavior, whereabouts or relocation.

 

pseudonymization

 

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data not assigned to an identified or identifiable natural person.

 

Responsible or responsible for processing

 

The person responsible or responsible for processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.

 

processor

 

Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

 

Recipient

 

Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

 

third party

 

Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.

 

consent

 

Consent is any expression of will voluntarily given by the data subject in an informed manner and unequivocally for the specific case in the form of a declaration or other clear confirmatory action with which the data subject indicates that they consent to the processing of their personal data is.

 

3. Name and address of the person responsible for processing

 

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

4. Legal

4.1 Your data protection rights

You have the right,

  • Request information on the categories of data processed, processing purposes, any recipients of the data, the planned storage period (Article 15 GDPR);
  • to request the correction or addition of incorrect or incomplete data (Article 16 GDPR);
  • to revoke a given consent at any time with effect for the future (Article 7 (3) GDPR);
  • to object to data processing that is to take place on the basis of a legitimate interest for reasons that arise from your particular situation (Article 21 (1) GDPR);
  • to request the deletion of data in certain cases within the framework of Art. 17 GDPR – in particular if the data is no longer required for the intended purpose or is being processed unlawfully, or you revoke your consent in accordance with Art. 7 Para. 3 GDPR or a have declared an objection in accordance with Article 21 (1) GDPR;
  • to request the restriction of data under certain conditions if deletion is not possible or the obligation to delete is disputed (Article 18 GDPR);
  • to data portability, i.e. you can transmit your data that you have provided to us in a common machine-readable format and, if necessary, to others (Article 20 GDPR;)
  • to complain to the responsible supervisory authority about the data processing. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

4.2 Legal bases for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.

5. Processing of customer and contract data

5.1 Description, scope and purpose of data processing

We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). If you order our services, the following data categories are collected in the order forms to be printed out:

Salutation

name or company

contact person if necessary

Address

phone number

E-mail address

Payment information (bank details, credit card information)

These are used to process your order, including payments, and to provide the associated services. This includes, for example, technical support or monitoring.

Your contact details are required to clarify any questions that may arise about your order, to send you access data and other information such as planned maintenance work, technical faults, safety instructions, etc., as well as to verify your order to protect against incorrect orders.

5.2 Legal Basis

Personal data is processed to provide server and hosting services as part of the execution of our contracts with our customers or to carry out pre-contractual measures that are carried out at your request.

The basis for data processing is Art. 6 (1) (b) GDPR

We also process your data in order to protect our legitimate interests or those of third parties (Art. 6 Para. 1 lit. f GDPR).

In particular, this may be necessary:

to carry out claim/dunning/collection procedures

In addition, we process your personal data to fulfill legal obligations, such as B. commercial and tax law retention requirements. In this case, the respective legal regulations i. In conjunction with Article 6 (1) (c) GDPR. If we want to process your personal data for a purpose not mentioned above, we will inform you beforehand within the framework of the statutory provisions.

5.3 Sharing of Data

Your data will not be passed on to third parties without your express consent, for example for advertising purposes. Likewise, your data will not be sold on to third parties by »Kleinert-WEB.net«!

a) Data transfer within »Kleinert-WEB.net«

Within »Kleinert-WEB.net«, those departments that need your data to fulfill our contractual and legal obligations will have access to it

b) Data transfer to third parties

We only transfer personal data to third parties if this is necessary within the framework of contract processing. This is usually the case in the following cases:

payment processing

Your payment data will be transmitted to the bank responsible for the payment for the purpose of payment processing. Credit card information is processed via heidelpay GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany. When paying with PayPal, the bank details you have stored with PayPal will be used by PayPal for the payment. We have no access to this data.

domain registrations

The domain registration requires the transmission of certain personal data, usually name and address, to the relevant national or international registration authorities and publication in the Whois databases that can be accessed by anyone. For the registration of a “.de domain”, for example, the name and address of the domain owner, the administrative and technical contact person and the zone administrator, as well as the telephone and fax numbers and e-mail address of the technical contact person and the zone administrator, are currently provided DENIC eG, Frankfurt/Main, and published in the DENIC database at www.denic.de on the Internet.

Certificate Orders

Personal data is also transmitted to the certificate issuer for the issuance of an SSL certificate.

As a rule, these include the data that can be accessed publicly from the Whois directory and, if necessary, other information required for issuing the respective certificate. These are currently: salutation, first name, last name, domain name, e-mail address, country and telephone number of the contract holder. You consent to this data being automatically transmitted to the certificate issuer when the certificate is created.

When procuring and/or maintaining SSL certificates, »Kleinert-WEB.net« only acts as an intermediary in the relationship between the customer and the respective certificate issuer. »Kleinert-WEB.net« has no influence on the process of issuing the certificate.

We also transmit data if there is a legal requirement. This is usually the case with:

Requests for information from investigative authorities

»Kleinert-WEB.net« can only release data information to authorities and third parties in accordance with the applicable legal regulations or a court order (e.g. for the purpose of criminal prosecution). Third parties only receive information if a legal provision explicitly provides for this. This case can e.g. B. in the case of copyright infringements.

c) Data transfer to a third country

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (domain registrations of international domains and certificate orders). The legal basis for this is Art. 49 (1) (c) GDPR.

5.4 Duration of Storage

We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their – limited – further processing is necessary to fulfill commercial and tax retention periods. The storage and documentation periods stipulated there are up to ten years.

5.5 Obligation to provide data

As part of our business relationship, you must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order, or we will no longer be able to carry out an existing contract and may have to terminate it.

5.6 Existence of automated decision-making

In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and implement the business relationship.

6. Provision of the website and creation of log files

6.1 Description and scope of data processing

If you access our website without registering or otherwise providing us with information, we only collect the personal data that your web browser transmits to our server. If you want to view our website, we collect the following data that is technically necessary for us to enable you to view our website and to ensure stability and security:

IP address

Date and time of the request

Content of the website

access status

amount of data transferred

Website from which you came to our website

Browser type and browser version

operating system used

The data is also stored in the log files of our system. This data is not merged with other data sources.

​6.2 Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1lit. f GDPR.

6.3 Purpose of data processing

The collection and temporary storage of the IP address is necessary to enable our website to be displayed on your end device. To do this, your IP address must be saved for the duration of your visit to our website. Storage in log files serves to ensure the functionality and optimization of our website and to ensure the security of our information technology systems. An evaluation of this data for marketing purposes does not take place.

Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR also lies in these purposes.

6.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after 14 days. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

6.5 Disclosure of Data

The data is only passed on within the company to the respective specialist department.

Any further disclosure will only take place if:

You have given your express consent to this in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR

Disclosure pursuant to Article 6 Paragraph 1 Clause 1 Letter f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data

There is a legal obligation for the transfer according to Article 6 Paragraph 1 Clause 1 Letter c GDPR

This is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR

6.6 Possibility of objection and removal

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

7. Use of Cookies

7.1 Description and scope of data processing

The Internet pages of »Kleinert-WEB.net« use cookies. Cookies are text files that are filed and saved on a computer system via an Internet browser. If the user calls up a website, a cookie can be stored on the operating system of the respective user. This stored cookie contains unique character strings that enable the web browser to be uniquely identified when the page is called up again.

This website uses the following types of cookies, the scope and functionality of which are explained below.

Cookies that are stored as part of your web browser:

Session cookies: These are automatically deleted at the end of your visit.

7.2 Legal Basis for Data Processing

The legal basis for the use of personal data using session cookies is Art. 6 Para. 1 lit.f GDPR. The legal basis for the processing of personal data using opt-out cookies for analysis purposes is Article 6(1)(a) GDPR if the user has given their consent.

7.3 Purpose of data processing

The processing of personal data by the above cookies serves to make our website more user-friendly and effective for you overall. Some functions of our website cannot be offered without the use of these cookies. In particular, some functions of our website require that your web browser can still be identified after a page change. The data processed by cookies that are required to provide the functions of our website are not used to create user profiles.

Our legitimate interest in data processing lies in the above purposes.

7.4 Duration of storage, objection and deletion options

Since all cookies used are stored locally on your computer, you have full administrative freedom and control over them. Any changes or settings in your web browser can limit or completely disable the transmission of cookies. Likewise, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all standard web browsers. If the affected person/visitor deactivates the setting of cookies in the web browser used, this can restrict the functionality of our websites or stop the functionality entirely.

8. Contact form and email contact

8.1 Description and scope of data processing

There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. These dates are:

Name

possibly company

E-mail address

Phone optional )

In addition, we record your IP address and the time of sending.

Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

8.2 Legal basis for data processing

The legal basis for processing the data is Art. 6 Para.1 lit.a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

8.3 Purpose of Data Processing

The processing of the personal data from the input mask serves us solely to process the contact.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

This is also our legitimate interest in the processing of your personal data.

8.4 Duration of storage

The data you enter in the contact form or send by e-mail will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

8.5 Sharing of Data

The data is only passed on within the company to the respective specialist department.

Any further disclosure will only take place if:

You have given your express consent to this in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR

Disclosure pursuant to Article 6 Paragraph 1 Clause 1 Letter f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data

There is a legal obligation for the transfer according to Article 6 Paragraph 1 Clause 1 Letter c GDPR

This is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR

8.6 Possibility of objection and removal

You can revoke the consent you have given us to process your personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. We would like to point out that in this case your request cannot be processed further. You can declare your revocation or objection by sending an e-mail to our e-mail addresses given in this data protection declaration. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.